oneclickstarter.exe

TuneUp Utilities

TuneUp Software GmbH

The executable oneclickstarter.exe, “TuneUp 1-Klick-Starter”, has been detected as malware by 8 anti-virus scanners. It runs as a scheduled task under the Windows Task Scheduler.
Publisher:
TuneUp Software GmbH  (signed and verified)

Product:
TuneUp Utilities

Description:
TuneUp 1-Klick-Starter

Version:
8.0.2000.35

MD5:
197b1fac7823b6c685a9df4a016ee9a1

SHA-1:
57e9cc5f06f4aeafc07cbaf72a6d6d66244b9a57

Scanner detections:
8 / 68

Status:
Malware

Analysis date:
4/26/2024 10:38:30 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Mabezat [Wrm] | 160917-0 |
| AVG | Win32/Mabezat | 2013.0.4756 |
| Clam AntiVirus | Win.Trojan.Mabezat-3 | 0.98/23192 |
| Dr.Web | Win32.HLLW.Tazebama | 9.0.1.05190 |
| ESET NOD32 | Win32/Mabezat.A virus | 6.3.12010.0 |
| F-Prot | W32/Mabezat.A-1 | 4.6.5.141 |
| F-Secure | Win32.Worm.Mabezat.Gen | 5.16.24 |
| Kaspersky | Worm.Win32.Mabezat | 15.0.2.529 |

File size:
1.1 MB (1,135,215 bytes)

Product version:
8.0.2000.35

Copyright:
Copyright © 2003-2008 TuneUp Software GmbH

File type:
Executable application (Win32 EXE)

Language:
Spanish

Common path:
C:\Program Files\tuneup utilities 2009\oneclickstarter.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/11/2006 9:00:00 PM

Valid to:
7/8/2009 8:59:59 PM

Subject:
CN=TuneUp Software GmbH, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=TuneUp Software GmbH, L=Darmstadt, S=Hessen, C=DE

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
052B2788E8247A4F13FDED679383C352

File PE Metadata
OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0xB3748

Entry point:
BB, 40, 30, 4B, 00, FF, E3, 00, 6A, 00, 6A, 00, 49, 75, F9, 51, B8, B4, 11, 4B, 00, E8, AA, DC, F4, FF, 33, C0, 55, 68, 9E, 39, 4B, 00, 64, FF, 30, 64, 89, 20, 33, C0, 55, 68, 6B, 39, 4B, 00, 64, FF, 30, 64, 89, 20, E8, 55, 56, FF, FF, 84, C0, 0F, 84, 82, 00, 00, 00, 68, AC, 39, 4B, 00, 6A, 00, 68, 00, 00, 02, 00, E8, EC, E0, F4, FF, A3, AC, 69, 4B, 00, 83, 3D, AC, 69, 4B, 00, 00, 74, 0A, E8, 11, DA, F4, FF, E9, C1, 01, 00, 00, 68, AC, 39, 4B, 00, 6A, FF, 6A, 00, E8, 86, DF, F4, FF, A3, AC, 69, 4B, 00, 33...
 

Code size:
714 KB (731,136 bytes)

Scheduled Task
Task name:
Mantenimiento con 1 clic

Path:
C:\WINDOWS\Tasks\Mantenimiento con 1 clic.job

Trigger:
Weekly (Runs weekly on Fridays at 23:00)

Description:
Inicia el Mantenimiento con 1 clic en momentos determinados

